From c7f016b60b74350c3506e4d03a7cc841ca743a14 Mon Sep 17 00:00:00 2001
From: David Duque
Date: Wed, 15 Jul 2020 18:26:28 +0100
Subject: [PATCH] Add 'always' modifier to the HSTS add_header directive
---
 management/web_update.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/management/web_update.py b/management/web_update.py
index 66340619..0609c77b 100644
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -188,9 +188,9 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 # Add the HSTS header.
 if hsts == "yes":
- nginx_conf_extra += "add_header Strict-Transport-Security max-age=15768000;\n"
+ nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000\" always;\n"
 elif hsts == "preload":
- nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000; includeSubDomains; preload\";\n"
+ nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000; includeSubDomains; preload\" always;\n"
 # Add in any user customizations in the includes/ folder.
 nginx_conf_custom_include = os.path.join(env["STORAGE_ROOT"], "www", safe_domain_name(domain) + ".conf")
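Review bot: The `preload` branch still sends `max-age=15768000` (about six months), which as far as I know is below the one-year minimum (31536000 seconds) that the HSTS preload list asks for, so a domain configured with `hsts == "preload"` would likely be rejected on submission even with `always` added. Consider changing that line to `nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;\n"` and leaving the `yes` branch as it is. A short comment above the `if`, such as `# 'always' makes nginx send HSTS on error responses too, not only on successful and redirect responses.`, would record why the modifier is there. Separately, nginx inherits `add_header` from the enclosing level only when the inner block declares none, so if the custom include loaded just below (or a template location) sets its own `add_header`, HSTS may be dropped for those responses; whether that applies depends on where `nginx_conf_extra` is emitted, which is not visible here. The body of make_domain_config starts and ends outside the hunk.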